Command_Injection
Command Injection

Description

Command injection (also known as OS command injection) is a vulnerability that allows an attacker to execute arbitrary operating system commands on the server hosting an application. This typically occurs when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell without proper validation or sanitization.

Dangerous Functions by Platform

PHP: exec(), shell_exec(), system(), passthru(), proc_open(), popen(), etc.
Java: Runtime.exec(), ProcessBuilder, etc.
Python: os.system(), os.popen(), subprocess.Popen(), subprocess.call(), eval(), etc.
...
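
The difference between handing user data to a shell and passing it as a single argument, shown with Python's subprocess module. This is an added example, not code from the original page; the function names, the "host" parameter and the sample input are hypothetical, and it assumes a POSIX system with /bin/sh and echo.

```python
import re
import subprocess

# Constructed sample input: a host value followed by a shell metacharacter
# and a harmless echo, standing in for untrusted form/cookie/header data.
HOSTILE = "example.test; echo INJECTED"

# Allow-list for the hypothetical "host" parameter; the first character
# may not be "-" so the value cannot be read as a command-line option.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def run_vulnerable(host: str) -> str:
    # Vulnerable: the value is concatenated into a string parsed by /bin/sh,
    # so ";" ends the intended command and starts a second one.
    cmd = "echo lookup " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_no_shell(host: str) -> str:
    # Argument list, no shell: the whole value reaches the program as one
    # argv entry and ";" is just a character.
    return subprocess.run(["echo", "lookup", host],
                          capture_output=True, text=True).stdout


def run_hardened(host: str) -> str:
    # Validate against the allow-list first, then call without a shell.
    if not HOST_RE.fullmatch(host):
        raise ValueError("rejected host value: %r" % host)
    return run_no_shell(host)


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(HOSTILE).splitlines())
    print("no shell:  ", run_no_shell(HOSTILE).splitlines())
    try:
        run_hardened(HOSTILE)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("hardened:  ", run_hardened("example.test").splitlines())
```

The vulnerable call returns two lines of output because the shell ran two commands; the argument-list call returns one line containing the untouched input.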